[ALAS-2020-1364] Amazon Linux AMI 2014.03 - ALAS-2020-1364: medium priority package update for expat
Severity: Medium
Affected Packages: 6
CVEs: 1
Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:
CVE-2015-2716:
Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.
CVE-2015-2716 expat: Integer overflow leading to buffer overflow in XML_GetBuffer()
Package | Affected Version |
---|---|
pkg:rpm/amazonlinux/expat?arch=x86_64&distro=amazonlinux-1 | < 2.1.0-11.22.amzn1 |
pkg:rpm/amazonlinux/expat?arch=i686&distro=amazonlinux-1 | < 2.1.0-11.22.amzn1 |
pkg:rpm/amazonlinux/expat-devel?arch=x86_64&distro=amazonlinux-1 | < 2.1.0-11.22.amzn1 |
pkg:rpm/amazonlinux/expat-devel?arch=i686&distro=amazonlinux-1 | < 2.1.0-11.22.amzn1 |
pkg:rpm/amazonlinux/expat-debuginfo?arch=x86_64&distro=amazonlinux-1 | < 2.1.0-11.22.amzn1 |
pkg:rpm/amazonlinux/expat-debuginfo?arch=i686&distro=amazonlinux-1 | < 2.1.0-11.22.amzn1 |
- ID: ALAS-2020-1364
- Severity: medium
- URL: https://alas.aws.amazon.com/ALAS-2020-1364.html
- Published: 2020-05-11T20:41:00
- Modified: 2020-05-14T02:27:00
- Rights: Amazon Linux Security Team

Other Advisories
Source | ID | Name | URL |
---|---|---|---|
CVE | CVE-2015-2716 | | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2716 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/amazonlinux/expat?arch=x86_64&distro=amazonlinux-1 | amazonlinux | expat | < 2.1.0-11.22.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/expat?arch=i686&distro=amazonlinux-1 | amazonlinux | expat | < 2.1.0-11.22.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/expat-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux | expat-devel | < 2.1.0-11.22.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/expat-devel?arch=i686&distro=amazonlinux-1 | amazonlinux | expat-devel | < 2.1.0-11.22.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/expat-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux | expat-debuginfo | < 2.1.0-11.22.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/expat-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux | expat-debuginfo | < 2.1.0-11.22.amzn1 | amazonlinux-1 | i686 | |